Most common passwords

Online security hit headlines again when hackers collected thousands of Hotmail, Gmail and Yahoo! usernames and passwords through a phishing scheme and posting the information online.

Google, Microsoft and Yahoo! acted swiftly to limit the impact of this attack on their email user base, but what emerged is even more alarming than the phishing attack itself – a large group of Internet users make use of weak and generic passwords.

In a recent article on Acunetix the information from 10 000 Windows Live Hotmail accounts were analyzed, and it was found that many users selected very weak passwords which can easily be guessed or broken using a passwords list.

According to this article the most popular passwords were ‘123456’, ‘123456789’, ‘alejandra’, ‘111111’ and alberto. Other popular passwords included ‘12345678’, ‘1234567’ and ‘15.654321’.

Most of the passwords were between six and nine characters long, not particularly surprising as the human brain can typically only store between five and nine bits of information in its short term memory. Users therefore select passwords on the high end of the ‘memory scale’ to easily remember passwords while making it as difficult as possible to guess their password.

“The password trends show that the average user cares less about choosing a strong password and more about memorability,” said InTechnology which created a list of common passwords it suggests avoiding. The following passwords should be avoided: password, 123456, qwerty, abc123, letmein, monkey, myspace1, password1, link182, (your first name).

The need for a strong or unique password extends beyond online passwords to ATM bank cards and security pin codes. A recent study found that a large percentage of ATM card users select their birth date (month & day) as their 4 digit pin code, mainly because it is easy to remember. Such a weak pin code can easily be exploited by criminals and should be changed to something less obvious.